Ask a question


How can we help you today?

Ask Question
Manage notifications
Subscribe to this question
Chad Elofson

SBS 2011 to Windows Server 2019 - Active Directory Migration Failure - Chapter 7 Step 17

Hello,

I am on the process of getting the Windows Server 2019 to a Domain Controller and I am getting a failure at step 17.  Where I try to install the Domain Controller services after getting the domain and credentials:

Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName $currentDomain -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$true -SysvolPath "C:\Windows\SYSVOL" -credential $cred -Force:$true -Confirm:$false -SafeModeAdministratorPassword (ConvertTo-SecureString 'ADRestoreModePassword_ChangeThis' -AsPlainText -Force)

 

I made sure to update the ADRestoreModePassword and configured it to the correct password I know.  When I check the logs I got the following towards the end of the Adprep log file:

[Status/Consequence]

Adprep merged the existing default security descriptor with the new access control entry (ACE). 
[2021/07/18:12:34:45.289]
Adprep was about to call the following LDAP API. ldap_add_s(). The entry to add is cn=c7f717ef-fdbe-4b4b-8dfc-fa8b839fbcfa,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=pavilion,DC=local.
[2021/07/18:12:34:45.320]
LDAP API ldap_add_s() finished, return code is 0x0 
[2021/07/18:12:34:45.320]
Adprep successfully created the Active Directory Domain Services object cn=c7f717ef-fdbe-4b4b-8dfc-fa8b839fbcfa,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=pavilion,DC=local.
[2021/07/18:12:34:45.320]
Adprep was about to call the following LDAP API. ldap_sdearch_s(). The base entry to start the search is cn=00232167-f3a4-43c6-b503-9acb7a81b01c,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=pavilion,DC=local.
[2021/07/18:12:34:45.320]
LDAP API ldap_search_s() finished, return code is 0x20 
[2021/07/18:12:34:45.320]
Adprep verified the state of operation cn=00232167-f3a4-43c6-b503-9acb7a81b01c,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=pavilion,DC=local. 

[Status/Consequence]

The operation has not run or is not currently running. It will be run next.
[2021/07/18:12:34:46.680]
Adprep was unable to complete because the call back function failed. 

[Status/Consequence]

Error message: Unable to access the computer "SBSERVER.pavilion.local". The network path was not found.

 (0x80070035).

[User Action]

Check the log file ADPrep.log, in the C:\Windows\debug\adprep\logs\20210718123323 directory for more information.


DSID Info:
DSID: 0x18111320
winerror = 0x1f
NT BUILD: 17763
NT BUILD: 475

[2021/07/18:12:34:46.680]
Adprep was unable to update forest information. 

[Status/Consequence]

Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.

[User Action]

Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20210718123323 directory for more information. 
[2021/07/18:12:34:46.680]
Adprep successfully stopped using the specified credentials for network connections.
[2021/07/18:12:34:46.680]
Adprep successfully closed the network connection to the Active Directory Domain Controller SBSERVER.pavilion.local.

I double checked the the Schema Version, which moved to 88 without issue:

PS C:\Windows\system32> Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion


DistinguishedName : CN=Schema,CN=Configuration,DC=pavilion,DC=local
Name              : Schema
ObjectClass       : dMD
ObjectGUID        : 9c87b049-29d5-4ba5-b205-b9fa4dc7bc87
objectVersion     : 88

 

But it won't complete the AD Prep.

Could you please direct me towards an area to check?

Thank you

Chad Elofson

 

asked07/18/2021 22:55
49 views
Add Comment
Mariette Knap

I have two questions for you:

  1. Did you migrate FRS to DFSR before doing this step?
  2. Did you possibly join the new server to the domain before doing this step?
Chad Elofson

Hello,

Did you migrate FRS to DFSR before doing this step?

I have been following the guide.  The only difference is that the server is not brand new.
 
Here is the results from the following commands:
 
PS C:\Windows\system32> DfsrMig /GetMigrationState

All Domain Controllers have migrated successfully to Global state ('Eliminated').
Migration has reached a consistent state on all Domain Controllers.
Succeeded.
PS C:\Windows\system32> DfsrMig /GetGlobalState

Current DFSR global state: 'Eliminated'
Succeeded.

Did you possibly join the new server to the domain before doing this step?

Yes, this server has been on the domain for a while now.  I started it as a file server and now slowly working on making it the primary DC.

Outside of that, I have been following the SBS 2011 to Windows Server 2019 guide fairly closely.  The only difference has been that I am not installing a new Windows 2019 Server.

Chad Elofson

 

replied 07/19/2021 09:57
Mariette Knap

Chad,

I have seen this go wrong when the server is already a domain member. I think best way is to remove ADDS from that new DC. If it prompts you to demote first pls do that. After a reboot install ADDS from add/remove roles within server manager and promote it using the GUI. You will be prompted to promote the server if you install the role.

If that does not work for you I would like to reach out to you and do a Microsoft Teams session.

replied 07/19/2021 10:31
Chad Elofson

OK, so I think I might have a problem.

PS C:\Windows\system32> Uninstall-ADDSDomainController -LocalAdministratorPassword $adminPassword -Credential $cred -DnsDelegationRemovalCredential $cred -RemoveDnsDelegation

The server will be automatically restarted when this operation is complete. The domain will no longer exist after
you uninstall Active Directory Domain Services from the last domain controller in the domain.
Do you want to continue with this operation?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

 

It is claiming that the Domain will no longer exist if I proceed with removing ADDS from the server.

 

So I have a couple of options really.

1. Get your help

2. The Windows Server 2019 License allows me to install 2 VM.  Currently, I only have one VM installed, which I am trying to make the DC.  Just that I don't know if my client would want to waste their second server for just a domain controller for 30 users.

So I think I will need a little assistance.

 

Chad Elofson

replied 07/19/2021 11:11
Mariette Knap

Do not uninstall anything. Write me an email and I will get back to you

replied 07/19/2021 11:38
Chad Elofson

Sorry, how do I do that?  Through the Contact form?

 

Chad

replied 07/19/2021 11:59
Reply
Last Activity 07/24/2021 13:21

No answers found

Add an Answer